Re: [Architecture] [IS] IS 5.5.0 += Adaptive Authentication

2017-05-31 Thread Asela Pathberiya
On Wed, May 31, 2017 at 10:38 AM, Ruwan Abeykoon wrote: > > Hi Prabath, > > >> Please check whether my understanding is correct based on the following >> mail.. >> >> 1. We define a set of ACR values at the framework level - which are >> agnostic to the inbound protocols. >> 2. Each inbound protoco

Re: [Architecture] [IS] IS 5.5.0 += Adaptive Authentication

2017-05-30 Thread Ruwan Abeykoon
Hi Prabath, > Please check whether my understanding is correct based on the following > mail.. > > 1. We define a set of ACR values at the framework level - which are agnostic > to the inbound protocols. > 2. Each inbound protocol (OIDC, SAML) - can define their own ACR values - > but must be mappe

Re: [Architecture] [IS] IS 5.5.0 += Adaptive Authentication

2017-05-30 Thread Prabath Siriwardena
On Thu, May 25, 2017 at 3:43 AM, Ishara Karunarathna wrote: > Hi Ruwan, > > With my understanding ACR is related to the authenticated assurance level. > or we can define specific authentication level. > Ex > acr.level.1 = username pwd authentication > acr.level.2 = step1 : username pwd authenticat

Re: [Architecture] [IS] IS 5.5.0 += Adaptive Authentication

2017-05-30 Thread Prabath Siriwardena
Hi Ruwan, Please check whether my understanding is correct based on the following mail.. 1. We define a set of ACR values at the framework level - which are agnostic to the inbound protocols. 2. Each inbound protocol (OIDC, SAML) - can define their own ACR values - but must be mapped to the ACR val

Re: [Architecture] [IS] IS 5.5.0 += Adaptive Authentication

2017-05-29 Thread Gayan Gunawardana
On Thu, May 25, 2017 at 4:13 PM, Ishara Karunarathna wrote: > Hi Ruwan, > > With my understanding ACR is related to the authenticated assurance level. > or we can define specific authentication level. > Ex > acr.level.1 = username pwd authentication > acr.level.2 = step1 : username pwd authenticat

Re: [Architecture] [IS] IS 5.5.0 += Adaptive Authentication

2017-05-25 Thread Ishara Karunarathna
Hi Ruwan, With my understanding ACR is related to the authenticated assurance level. or we can define specific authentication level. Ex acr.level.1 = username pwd authentication acr.level.2 = step1 : username pwd authentication step2 : OTP So if the user sends acr as *acr.level.1

[Architecture] [IS] IS 5.5.0 += Adaptive Authentication

2017-05-25 Thread Ruwan Abeykoon
Hi All, I plan to add the Adaptive authentication on IS. Please provide your feedback on the architecture below. References: http://openid.net/specs/openid-connect-core-1_0.html#AuthorizationEndpoint https://tools.ietf.org/html/draft-ietf-oauth-amr-values-02 Architecture *